<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Alerting on cluster and index events | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'xpack-alerting.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/xpack-alerting.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/xpack-alerting.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/xpack-alerting.html" rel="nofollow" target="_blank">../en/xpack-alerting.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-node">Alerting on cluster and index events</span>
</div>
<div class="navheader">
<span class="prev">
<a href="security-limitations.html">« Security limitations</a>
</span>
<span class="next">
<a href="watcher-getting-started.html">Getting started with Watcher »</a>
</span>
</div>
<div class="part xpack">
<div class="titlepage"><div><div>
<h1 class="title">
<a id="xpack-alerting"></a>Alerting on cluster and index events<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/watcher/index.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h1>
</div></div></div>
<div class="openblock partintro">
<div class="content">
<p>The alerting features enable you to watch
for changes or anomalies in your data and perform the necessary actions in
response. For example, you might want to:</p>
<div class="ulist itemizedlist">
<ul class="itemizedlist">
<li class="listitem">
Monitor social media as another way to detect failures in user-facing
automated systems like ATMs or ticketing systems. When the number of tweets
and posts in an area exceeds a threshold of significance, notify a service
technician.
</li>
<li class="listitem">
Monitor your infrastructure, tracking disk usage over time. Open a helpdesk
ticket when any servers are likely to run out of free space in the next few
days.
</li>
<li class="listitem">
Track network activity to detect malicious activity, and proactively change
firewall configuration to reject the malicious user.
</li>
<li class="listitem">
Monitor Elasticsearch, and send immediate notification to the system
administrator if nodes leave the cluster or query throughput exceeds an
expected range.
</li>
<li class="listitem">
Track application response times and if page-load time exceeds SLAs for more
than 5 minutes, open a helpdesk ticket. If SLAs are exceeded for an hour,
page the administrator on duty.
</li>
</ul>
</div>
<p>All of these use-cases share a few key properties:</p>
<div class="ulist itemizedlist">
<ul class="itemizedlist">
<li class="listitem">
The relevant data or changes in data can be identified with a periodic
Elasticsearch query.
</li>
<li class="listitem">
The results of the query can be checked against a condition.
</li>
<li class="listitem">
One or more actions are taken if the condition is true — an email is sent, a
3rd party system is notified, or the query results are stored.
</li>
</ul>
</div>
<h3>
<a id="_how_watches_work"></a>How watches work<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/watcher/index.asciidoc">edit</a>
</h3>
<p>The alerting features provide an API for creating, managing and testing <em>watches</em>.
A watch describes a single alert and can contain multiple notification actions.</p>
<p>A watch is constructed from four simple building blocks:</p>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
Schedule
</span>
</dt>
<dd>
A schedule for running a query and checking the condition.
</dd>
<dt>
<span class="term">
Query
</span>
</dt>
<dd>
The query to run as input to the condition. Watches
support the full Elasticsearch query language, including
aggregations.
</dd>
<dt>
<span class="term">
Condition
</span>
</dt>
<dd>
A condition that determines whether or not to execute the actions.
You can use simple conditions (always true), or use scripting for
more sophisticated scenarios.
</dd>
<dt>
<span class="term">
Actions
</span>
</dt>
<dd>
One or more actions, such as sending email, pushing data to
3rd party systems through a webhook, or indexing the results of
the query.
</dd>
</dl>
</div>
<p>A full history of all watches is maintained in an Elasticsearch index. This
history keeps track of each time a watch is triggered and records the results
from the query, whether the condition was met, and what actions were taken.</p>
</div>
</div>













</div>
<div class="navfooter">
<span class="prev">
<a href="security-limitations.html">« Security limitations</a>
</span>
<span class="next">
<a href="watcher-getting-started.html">Getting started with Watcher »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>